update client authentication strategy #92

Open
JakeUrban opened this issue Dec 17, 2024 · 0 comments

@JakeUrban

What problem does your feature solve?

It doesn't make sense for the wallet backend to use SEP-24's callback signature as a means for authenticating clients. Instead, the wallet backend should use an authentication method that is more familiar to clients of backend web services.

What would you like to see?

First, we should determine whether the wallet backend should enforce any form of authentication. If the wallet backend is intended to always be deployed within a business' internal infrastructure then it may be acceptable to make authentication optional or omit it entirely. Another approach may be to recommend businesses deploy the wallet backend with a proxy server that handles client authentication before forwarding requests.

If we do decide to implement authentication directly into the wallet backend, we should consider the tried-and-true approaches we see implemented by other backend web services.
